Microsoft Warrant Ruling Puts Service Providers in Bind

August 01, 2014

​Fenwick & West litigation partner and privacy co-chair Tyler Newby was quoted by Law360 regarding a district court ruling that information stored outside of the country by U.S.-based email providers is still subject to the federal Stored Communications Act (SCA).

Unless overturned, the decision means Microsoft—in this particular case—and other American companies may be required to produce customer emails and other data, in conflict with the privacy laws in countries where the information is stored.

“U.S.-based service providers with customer data located overseas, especially in Europe, are rightfully concerned about not only the sovereignty issues ... but also that this could negatively impact their business in foreign countries,” Newby told Law360. “Customers in Europe and elsewhere are already concerned about storing data with U.S.-domiciled service providers, and now all of a sudden there's this scenario where that country's data security laws are being trumped by a U.S. search warrant.”

“What the court seems to be saying is that Congress' rationale in passing the SCA is that all that matters is if the records are in the control of the provider,” Newby said. “But that discounts a number of things, including the constitutional requirements that a search warrant needs to be within the jurisdiction of the U.S. and the court issuing the warrant.”

Newby told Law360 that when he served as a prosecutor in the U.S. Department of Justice's computer crimes and intellectual property section, he worked through formal and informal law enforcement cooperation agreements, such as mutual legal assistance treaties, when pursuing data stored on an overseas server by a U.S. company.

“From my perspective, I didn't believe that the SCA had an extraterritorial reach in this way,” he said. “But the government made a different calculation here, and they won.”

The full article is available through the Law360 website (subscription required).​